Computing devices have increasingly become targets of malicious actors through use of malware. Some types of malware, such as viruses, can cause loss of important business or personal data. Other types of malware, such as spyware, can enable malicious actors to gain access to confidential information.
Many malware detection applications use signatures (or malware definitions) to detect malware. For example, an executable file that includes malware may be processed using a hash function to generate a hash value. The hash value may act as a signature of the entire executable file or of a malware portion of the executable file. The signature may be provided to users of a malware detection application via a malware definitions update. During operation, the malware detection application compares a signature of a malware application in the malware definitions to files in memory or to received files to determine whether the files include the malware that corresponds to the signature. One problem with detecting malware in this way is that new malware can be generated very quickly, potentially at a rate that is equal to or greater than distribution of new malware definitions. Accordingly, it is not unusual for a new malware or new malware-containing file to be distributed to many consumers before the consumers receive appropriate malware definitions updates to enable detection of the new malware. For example, the new malware or new malware-containing file may be distributed as part of an application file package. Because the new malware or new malware-containing file may not have a corresponding signature, the new malware or new malware-containing file may not be identified as malware and may be executed by a computing device, thereby exposing the computing device to the malware.